😭
WSOB (CVE-2022-29464)
CVE-2022-29464 details:
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 and above through 4.0.0; WSO2 Identity Server 5.2.0 and above through 5.11.0; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, and 5.6.0; WSO2 Identity Server as Key Manager 5.3.0 and above through 5.10.0; and WSO2 Enterprise Integrator 6.2.0 and above through 6.6.0.
Source: https://nvd.nist.gov/vuln/detail/CVE-2022-29464
⚡
Installing / Getting started
A quick guide of how to install and use WSOB.
1. Clone the repository - git clone https://github.com/oppsec/wsob.git
2. Install the libraries - pip3 install -r requirements.txt
3. Run WSOB2 - python3 main.py -u https://example.com
⚙️
Pre-requisites
- Python 3 installed on your machine.
- Install the libraries with
pip3 install -r requirements.txt
🔨
Contributing
A quick guide of how to contribute with the project.
1. Create a fork from WSOB repository
2. Download the project with git clone https://github.com/your/wsob.git
3. Make your changes
4. Commit and make a git push
5. Open a pull request
🙏
Credits
- Credits to hakivvi for the original exploit
⚠️
Warning
- The developer is not responsible for any malicious use of this tool.
108 Dec 4, 2021
80 Nov 28, 2022
26 Dec 26, 2022
16 Dec 18, 2022
2 Feb 15, 2022
365 Nov 30, 2022
52 Dec 22, 2022
275 Jan 8, 2023
58 Dec 5, 2022
68 Jan 04, 2023
13 Nov 03, 2022
835 Jan 05, 2023
105 Nov 22, 2022
5 Dec 28, 2021
165 Dec 28, 2022
7 Aug 06, 2022
2 Jun 06, 2022
1 Nov 15, 2021
2 Jan 25, 2022
283 Dec 29, 2022
10 Dec 30, 2022
3 Oct 05, 2022
10 Oct 31, 2022
1 Nov 28, 2021
3 Mar 29, 2022
4 Dec 07, 2021
150 Jan 03, 2023
53 Nov 01, 2022
12 Nov 22, 2022